Transferring files to air-gapped device

I have obtained a device that is almost running air-gapped. Still need to build a power source for it.

I have given up on notebooks and USB C devices, the power bricks of USB C chargers are Ethernet over Powerline adapters, and inside modern notebooks are more than a few hidden comms that can’t be disassembled without breaking the notebook.

So I want to migrate data from a compromised device to the air-gapped device. I know my threat level, and chances of succeeding are slim. But nonetheless, I am not yet ready to toss all electronics in a bin and set it ablaze while smoking a cigar and sipping on quality whiskey marking the end of the human computer era. :slight_smile:

So what are the options? I have read about a forensic data blocker that acts as intermediary, but it’s not cheap. And with the current soup that is Linux I have zero trust over the entire chain.

No, they are not. (this is a special feature in very few powerbricks)

No, there are no such things.

Extraordinary claims like these require evidence.

4 Likes

I respect your opinion, but I have done testing for years on many devices and I have proof, but those remain classified until I have a truly air-gapped machine and clean room and an oscillator to monitor the radio signals.

Until now the evidence is stored securely.

But that doesn’t answer my question honestly.

And for a Privacy Guide forum to diminish such a statement is blatantly naive. Sorry if I offended you.

Won’t a double conversion UPS sanitize your power line issues? Those are meant to smooth out “data”.

2 Likes

For the sake of argument I’ll assume this is true. If you want to have a guarantee that data cannot escape your air-gapped computer, it shouldn’t matter much if your laptop had any additional secret radios since your computer will still leak emanations regardless. Researchers have been able to send and/or receive data through various other components. Off the top of my head I believe they were able to communicate with speakers, hard drives, gyroscopes, processors, and probably more.

For a stronger guarantee you’d need to build a room which shields you from electromagnetic radiation and sound, which is obviously very expensive and difficult to build. Plus you’d need to be able to physically protect it from any intruders otherwise this is all useless. This isn’t realistic for lone individuals to achieve and if you’re not an extremely high value target, this isn’t a realistic threat to you.

I’m not familiar with “forensic data blockers” but maybe you can transfer data using a USB or DVD which has some form of physical write protection which you can enable before connecting it to the air-gapped computer?

If you have proof now, why do you need to wait before publishing it?

2 Likes

Edited due to being too harsh with this previous written comment. It was uncalled for and unprofessional from me. My apologies.

Security StackExchange has good resources on the topic.

You could consider using something like the OP’s setup here, but with Qubes.

A data diode made from a modified serial adapter or amodem might be what you’re looking for. There are also plenty of tools that allow transferring cryptocurrency or PGP things using QR code. If you do use an encrypted USB drive, at least ensure you’re working with virtual machines and virtual disks to mitigate badUSB and some side-channel attacks.

I don’t know your threat model, but maybe using two or three Qubes workstations, transferring data using encrypted disk images inside of an encrypted portable drive, and wiping the drive (including free space) after every data transfer. Qubes greatly helps reduce the risk of badUSB here.

As for your concerns about incidental computer radiation leaking data, this is a complicated subject that deserves its own thread. Your best defense is just being very far away from any threats, like being surrounded by an open field that you have eyes over. Living in a rural area helps. Beware that HDMI cables leak much worse than DisplayPort does. See: “TechRadar: /researchers find that millions of hdmi cables could betray their owners by transmitting data to eavesdroppers”

I agree with all the previous advice but I don’t see how transferring data over 2-3 workstations adds any notable protection against malicious USBs? If your threat model necessitates resorting to an air-gapped QubesOS machine, I think it’d be safer to assume you couldn’t make a USB safe by trying to wipe it.

I’d just be careful with where you purchase your USBs and make use of hidden tamper-evident storage containers, then hope QubesOS would contain any potential infection to a particular VM and that data exfiltration would be impractical due to the air-gap. You’d avoid spending a lot of extra time and money on what feels to me like security theatre, but correct me if I’m wrong.

Maybe frequently changing locations could complicate things for an adversary, but I don’t see how working in an open field would protect you if you were the target of this. One workaround could be using parabolic antennas to transmit/receive signals over greater distances. I could think of other workarounds as well but there isn’t much of a point in going over them. If your emanations are leaking out in the world, it’s safest to assume that someone could receive them somehow.

1 Like

Using multiple workstations would be a measure of compartmentalization; with different workstations holding different types of data. Both the internet-facing workstation and the airgapped one should use reasonably secure systems. To clarify, a setup could look like

PC                          DataDiode                          PC

AirgapQubes 1  <——————————————————  Sensitive Internet Activity Workstation (Also Qubes) ↔ Internet

AirgapQubes 2  ——————————————————>

The 1st airgapped computer can be used for data that should be ingested, but NEVER let back out onto the internet. This can be for receiving and storing sensitive information, a sort of black hole.

The 2nd airgapped computer can be used for sending data out.

This user made a similar setup as described above: https://security.stackexchange.com/questions/210411/send-and-receive-files-in-an-air-gapped-system

Here is a schematic of how the APT GoldenJackal, believed to be connected to the Russian FSB, was able to successfully exfiltrate data from airgapped NATO government computers.


GoldenDealer, upon touching the air-gapped PCs, copies system info and hides it from the user as it is exfiltrated.

Wiping a USB drive (or any hard drive) after each data transfer would be meant to prevent malware from hiding the airgapped computer’s data similar to GoldenDealer. It’s not foolproof (because of stuff like firmware or dead storage) but it would prevent an attack similar to GoldenJackal’s. A constantly-wiped drive could technically be used in lieu of a proper data diode, but using an actual data diode like a serial cable is safer.

Incidental radiofrequency emissions, as well as sound and other side-channels, attenuate over distance. In order to perform monitoring of these emissions to get data from your airgapped device, an adversary would need to be close enough to get a strong enough signal. More expensive, complicated and rare equipment is needed to be able to gain clarity of keystrokes and monitor signals at higher distances, and there is ultimately a limit of how far such attacks can be performed. Shielding only goes so far, you need distance too if this is a consideration.

If a theoretical state attacker were looking to do a TEMPEST attack (extremely unlikely), they might park a normal looking van filled with equipment to spy on a person of interest’s monitor. Or rent a nearby hotel room. This can’t really be done without causing suspicion, if the person of interest lives in a rural area.

Look up google images of any sensitive government or intelligence agency facility. This is partially why they are typically surrounded by large fields, forests, or parking lots where only authorized personnel can enter.

But personally, I have never heard of TEMPEST being used in an actual investigation for police work. (And if it was used, the police would probably not talk about it.) Going in and physically planting bugs in a room, computer or keyboard is a much better tactic against an airgapped system, especially used by a person in an unguarded home. I don’t know OP’s threat model but I highly doubt TEMPEST would realistically be part of it.

4 Likes
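The serial-cable data diode in the setup above has one defining property: the receiving (air-gapped) side can never send an acknowledgement, so every integrity decision has to be made on the receiving end from the bytes alone. The following is an added illustration of that, not code from this thread or from the linked StackExchange post. It assumes a simple framing of my own design (a start marker, a sequence number, a length, a CRC32 per frame, and a trailer frame carrying the chunk count plus the SHA-256 of the whole file) and stands in for the one-way serial link with a plain byte string; the "repeat the whole stream" step is the only form of retransmission a sender without a return path has.

```python
"""One-way ("data diode") file transfer: framing, resync and receiver-side verification.

Added example for the thread; the framing format is an assumption, not a standard.
"""
import hashlib
import struct
import zlib

MAGIC = b"\xa5\x5a"        # frame start marker, used to resynchronise after a corrupted frame
CHUNK = 64                 # payload bytes per frame (small so the demo produces several frames)
TRAILER_SEQ = 0xFFFFFFFF   # sequence number reserved for the trailer (chunk count + SHA-256)


def _frame(seq: int, payload: bytes) -> bytes:
    """MAGIC | seq (u32) | length (u16) | payload | CRC32 over everything before it."""
    body = MAGIC + struct.pack(">IH", seq, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frames(data: bytes, chunk: int = CHUNK) -> list:
    """Split a file into numbered frames and append the trailer frame."""
    frames = [_frame(seq, data[off:off + chunk])
              for seq, off in enumerate(range(0, len(data), chunk))]
    trailer = struct.pack(">I", len(frames)) + hashlib.sha256(data).digest()
    frames.append(_frame(TRAILER_SEQ, trailer))
    return frames


def transmit(frames, repeats: int = 2) -> bytes:
    """The sender never hears back, so repeating the whole stream is its only retransmission."""
    return b"".join(frames) * repeats


class Receiver:
    """Parses the one-way byte stream; keeps the first intact copy of each chunk."""

    def __init__(self):
        self.chunks = {}
        self.count = None
        self.digest = None
        self.dropped = 0          # frames discarded because their CRC did not match

    def feed(self, stream: bytes) -> None:
        i = 0
        while (i := stream.find(MAGIC, i)) >= 0:
            hdr_end = i + len(MAGIC) + 6
            if hdr_end > len(stream):
                break
            seq, length = struct.unpack(">IH", stream[i + len(MAGIC):hdr_end])
            end = hdr_end + length + 4
            if end > len(stream):             # truncated or bogus length: slide one byte and rescan
                i += 1
                continue
            body = stream[i:hdr_end + length]
            (crc,) = struct.unpack(">I", stream[hdr_end + length:end])
            if zlib.crc32(body) & 0xFFFFFFFF != crc:
                self.dropped += 1             # corrupted frame: resynchronise on the next MAGIC
                i += 1
                continue
            payload = body[len(MAGIC) + 6:]
            if seq == TRAILER_SEQ:
                self.count = struct.unpack(">I", payload[:4])[0]
                self.digest = payload[4:]
            else:
                self.chunks.setdefault(seq, payload)
            i = end

    def assemble(self):
        """Return (data, "ok") or (None, reason). The SHA-256 catches anything a CRC let through."""
        if self.digest is None:
            return None, "no trailer frame received"
        missing = [s for s in range(self.count) if s not in self.chunks]
        if missing:
            return None, f"missing chunks {missing}"
        data = b"".join(self.chunks[s] for s in range(self.count))
        if hashlib.sha256(data).digest() != self.digest:
            return None, "sha256 mismatch"
        return data, "ok"


if __name__ == "__main__":
    # Constructed sample payload; the corrupted byte simulates line noise on the first copy.
    sample = b"".join(f"record {i}: constructed sample line\n".encode() for i in range(10))
    stream = bytearray(transmit(build_frames(sample)))
    stream[20] ^= 0xFF
    rx = Receiver()
    rx.feed(bytes(stream))
    print(rx.assemble()[1], "dropped frames:", rx.dropped)
```

The receiver-side rule is the point: accept nothing the CRC rejects, take the first intact copy of each chunk, and refuse to release the file until the trailer's chunk count and SHA-256 both check out. A single pass with a damaged frame yields "missing chunks" rather than a silently truncated file; the second repetition fills the gap.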

Ohh I terribly misunderstood the suggestions, thanks for the detailed clarification.

Hi all, I wanted to thank everyone who participated in this thread — and I’d like to clarify my position, especially regarding the mention of TEMPEST attacks and side-channel threats.

I’m not trying to suggest these attacks are common or that they’re actively targeting most users. What I am doing is:

  • Operating from a high-threat, high-integrity model where air gaps are essential.

  • Trying to eliminate covert vectors that rely on firmware, side-channels, or invisible interference.

  • Acknowledging that modern side-channel research has evolved, and I want to design defensively.

Here are some specific clarifications, with citations and brief takeaways:

TEMPEST ≠ Fiction

The idea of electromagnetic side-channel attacks (“TEMPEST”) is very real — though mostly applicable to specialized threats.

“TEMPEST is a codename referring to investigations and studies of compromising emissions.”

Wikipedia: TEMPEST

Historically, this meant Van Eck phreaking of CRTs. But today, researchers have shown more subtle and powerful methods using modern tech.

This 2021 peer-reviewed paper showed that electromagnetic emissions from mobile phone screens can be intercepted — even without line-of-sight — and used to reconstruct the display contents:

“Screen Gleaning: A Screen Reading TEMPEST Attack on Mobile Devices Exploiting an Electromagnetic Side Channel”

arXiv 2011.09877, NDSS 2022 Paper

Key findings:

  • Passive EM leakage from the display driver can be captured with an antenna and SDR.

  • Machine learning models reconstruct gray-scale images of what’s shown on screen.

  • Leakage is observable even with no physical access.

So yes, it exists. And no, it’s not widespread — but it is technically feasible under the right (wrong?) conditions.

For those concerned about air-gapped systems (like me), here are things worth considering which some of you already suggested, thank you for that confirmation :slight_smile:

• Firmware infected USB Drives:

Use optical data diodes or burnable optical media (CD-R/DVD-R).

• Side-channel / EM leakage:

Place sensitive systems inside a shielded (Faraday) enclosure, or use passive analog output (e.g., e-ink displays with no backlight).

— the e-ink display is definitely one that I consider to implement. Especially since they matured a lot last year both in size and functionality.

• Powerline interference / EMI:

Use isolated battery banks, avoid shared grid connection during sensitive operations.

• DNS spoofing or MITM in compromised system:

Use air-gapped mirror of DNS root zone, or hardcoded .onion or IP map. Validate all packages cryptographically.

ATM my mind is foggy, but I’m trying.

Due to ongoing DNS spoofing (cross device, cross borders, different systems that never co-existed in the same environment), I don’t trust my searches to return real results anymore. I’m offloading this effort to a known air-gapped system I’m rebuilding from scratch — bit by bit — but it takes time and care. That’s why I came here: to leverage the collective insight of this community.

Thanks for understanding.
I’ll post more detailed notes on secure file transport, but in short:

USB ≠ safe anymore. I’m exploring CD/DVD, RS-232, optical transfer, and more radical “clean-room” approaches. I’ll post findings once I can validate them from an uncompromised setup.

If anyone else has experience defending against low-level firmware, EM leaks, or optical-exfil risk, I’d love to hear more!

Edit: The end goal is moving away from Linux and switching to a BSD system for obvious reasons. The current state of Linux is unsustainable, but it requires from my perspective a whole lot of effort to master it, all while dealing with information that I can’t trust as genuine, due to the DNS spoofing on ISP level, faked and manipulated Cert Stores on any device that I touch and the very limited information that I “may/can” access is often well over a decade old if not 2 decades.
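Two of the points above, validating everything cryptographically and the GoldenDealer-style trick of hiding staged files on the transfer medium, come down to the same receiving-side check: the air-gapped machine should only accept files that appear in a manifest prepared before the media was written, and should treat anything else on the disc as a finding. The following is an added example, not code from this thread; it assumes a JSON manifest format of my own (relative path, size, SHA-256 per file) and constructs its sample files in a temporary directory. Signing the manifest with a key whose public half was loaded onto the air-gapped side out of band is the natural next step and is left out here to keep the example dependency-free.

```python
"""Manifest check for files arriving on write-once media (CD-R/DVD-R) at an air-gapped machine.

Added example for the thread; the manifest layout is an assumption, not a standard format.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def _walk(root: Path):
    """Yield (path, relative posix path) for everything below root, dotfiles included."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            yield p, p.relative_to(root).as_posix()


def build_manifest(root: Path) -> dict:
    """Sender side: record size and SHA-256 of every regular file. Symlinks are never listed."""
    files = {rel: {"size": p.stat().st_size, "sha256": sha256_file(p)}
             for p, rel in sorted(_walk(root), key=lambda t: t[1])
             if p.is_file() and not p.is_symlink()}
    return {"version": 1, "files": files}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Air-gapped side: every listed file must match exactly, and nothing unlisted may be present."""
    expected = manifest["files"]
    found = {"missing": [], "modified": [], "unexpected": []}
    seen = set()
    for p, rel in sorted(_walk(root), key=lambda t: t[1]):
        seen.add(rel)
        entry = expected.get(rel)
        if entry is None or p.is_symlink() or not p.is_file():
            found["unexpected"].append(rel)      # not in the manifest, or not a plain file
        elif p.stat().st_size != entry["size"] or sha256_file(p) != entry["sha256"]:
            found["modified"].append(rel)
    found["missing"] = sorted(set(expected) - seen)
    return found


def demo():
    """Constructed scenario: a clean disc image, then one altered the way a staging implant would."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "outgoing"
        for rel, content in {"readme.txt": b"transfer notes\n",
                             "docs/notes.txt": b"meeting notes\n",
                             "data/report.csv": b"id,value\n1,2\n"}.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(content)

        # The manifest travels separately from the tree it describes (here: round-tripped via JSON).
        manifest_json = json.dumps(build_manifest(src), indent=2, sort_keys=True)
        manifest = json.loads(manifest_json)
        clean = verify_manifest(src, manifest)

        # Tampering: one file altered, one hidden unlisted file added, one listed file removed.
        (src / "docs/notes.txt").write_bytes(b"meeting notes (altered)\n")
        (src / ".cache").mkdir()
        (src / ".cache/stage.bin").write_bytes(b"\x00" * 32)   # constructed stand-in for staged data
        (src / "data/report.csv").unlink()
        tampered = verify_manifest(src, manifest)
        return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean:", before)
    print("tampered:", after)
```

The "unexpected" list is the one to watch when media comes back from a machine you do not trust: a file you never listed, a dotfile, or a symlink has no business being on the disc, and the check refuses to treat the transfer as good until every such item is accounted for.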